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were essentially ignored by the pending and prior rejections. No agreement was reached as to 
the allowability of the claims. 

In this application, claims 1-33 are currently pending. A copy of all claims as currently 
pending is attached at Appendix A. Claims 1-33 have been rejected under 35 U.S.C. § 103 as 
obvious in view of U.S. Patent No. 6,389,462 to Cohen et al. ("Cohen") further in view of 
alleged "well-known" art. Applicants submit that the pending claims are patentable over Cohen 
for the reasons set forth hereinafter, and accordingly request reconsideration and withdrawal of 
the pending rejections. 

Please refer to the prior response for a brief summary of the present application as well 
as a brief summary of Cohen. The discussion below will not repeat those summaries, but will 
focus on a discussion of the independent claims in numerical order followed by a discussion of 
the dependent claims. 

Independent Claim 1 

Pending claim 1 is presented below for the Office's convenience so that it may be 

more readily seen that the expressly recited claim elements alleged to be taught by Cohen are 

in fact not taught by Cohen: 

A method of controlling access to a desired resource hosted on a destination server, comprising 
the steps of: 

(a) receiving handshaking packets from a client machine intended to begin a session with 
the destination server; 

(b) redirecting network communications, including the steps of: 

redirecting the handshaking packets by rewriting the destination address in the 
handshaking packets' IP headers to route the packets to an access controlling web server; 
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receiving a content request packet from the client machine destined for the 
destination server intended to retrieve the desired resource from the destination server; and 

redirecting the content request packet by rewriting the destination address in the 
packet IP header to route the packet to the access controlling web server; 

(c) receiving a response from the access controlling web server; and 

(d) controlling access of the client machine to the desired resource based on the response 
from the access controlling web server. 

As in the prior Office action, the rejection focuses on elements (a) and (b), and then 
briefly mentions (c) and (d) without any real support in any reference. Element (c) calls for 
retrieving a response from an access controlling web server, and element (d) calls for then 
controlling the client machine's access to the desired resource based on that response. The 
action's citation of Cohen does not supply these limitations since, as discussed previously, 
the technique of Cohen does not control access at all - access is always granted, in the sense 
that the requested material is delivered transparently to the client. 

In the "Response to Arguments" section, the action appears to acknowledge that step 
(d) requires more than simply granting access. In particular, the action states, in the course 
of characterizing Cohen in order to reject the claim, that "If the request is accepted then it is 
sent to origin server." However, although applicants appreciate this acknowledgement that 
"control" means more than unconditionally granting access any time a request is made, this 
statement of Cohen's teachings is technically incorrect. There are a number of fairly 
apparent issues with respect to the action's characterization of Cohen, with respect to this 
element and others. These issues can be more fully appreciated by referring to the specific 
sections of Cohen that the action later cites for the various claimed steps. 




In re Appln. of Lamb et al. 
Serial No. 09/489,629 



In particular, on page 3 of the action, the Office addresses the limitation of "receiving 
a response from the access controlling web server," by citing to the DNS server of Cohen. 
However, a DNS (Domain Name System) server is simply a name resolution system that 
allows a client to locate another computer by domain name. The DNS server maintains and 
references a database mapping domain names to IP addresses. Thus, a DNS server does not 
perform a function of "controlling" access to anything and is thus clearly not an "access 
controlling web server" as required in the claim. 

Next, the action addresses the step of "controlling access of the client machine to the 
desired resource based on the response from the access controlling web server." In 
particular, the action cites Cohen at column 8, line 59, through column 9, line 18. The cited 
section is reproduced below, and a review of the cited section will show that it pertains only 
to packet redirection and has no bearing whatsoever on controlling access to a desired 

resource based on a response received from an access controlling web server. 

In establishing a TCP connection that is directed to an origin server, client 101-1 first transmits a SYN 
packet, which is intercepted by proxy redirector 104. Proxy redirector 104 selects a proxy cache, such as 
proxy 1 10-1, to redirect this request and creates a connection control block (CCB) to maintain information 
about the connection. Selection of the particular proxy is determined, as described above, by one of several 
possible algorithms. The CCB is used to store the client IP address and TCP port number and the origin 
server IP address and TCP port number, both of which are contained in the IP header of the SYN packet, 
and the chosen proxy's IP address. The destination address is then changed to that of the chosen proxy and 
the packet is sent back to the network for redirection to its new destination address of the proxy 1 10-1. All 
subsequent packets that originate from the same client with the same TCP port number are then forwarded 
to the same proxy. Proxy 110-1 responds with an ACK SYN packet which is directed via its destination 
address to proxy redirector 110-1. Proxy redirector 104 then translates the source IP address and port 
number to those of the origin server and the destination IP address and port number to those of the client. 
When the packet arrives at the client the client believes that it is connected to the origin server. The client 
then responds with an ACK packet to the origin server, which is redirected by proxy redirector 104 to 
proxy cache 1 10-1, to complete the handshaking process. 
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The Office also generally cites figure 1 of Cohen as supplying this limitation. 
However, applicants cannot identify from figure 1 what is intended as the recited response or 
the access control based on that response. If the Office persists in the present rejection of 
claim 1, clarification is requested. In particular, please identify what in figure 1 of Cohen, 
and/or in the above-quoted section of Cohen, is alleged by the Office to correspond to 
"controlling access of the client machine to the desired resource based on the response from 
the access controlling web server." More specifically, what is alleged to be the "access 
controlling web server?" Is it still a DNS server? What is the "response?" Where is the 
"control" that is based on that response? 

Applicants are mindful that the Office may be conscientiously attempting to give the 
claim its "broadest reasonable interpretation." However, in the process, the entire limitation 
of "controlling access of the client machine to the desired resource based on the response 
from the access controlling web server" appears to have been summarily abridged to simply 
"granting access" Is this the broadest possible interpretation? Probably. Is this the 
broadest reasonable interpretation? Not at all. A system that always grants access without 
question cannot in any sense be said to "control" access as that concept is used in the claim, 
the specification, and the English language. Moreover, the controlling of access, as recited in 
the claim, is to be "based on the response from the access controlling web server." Since the 
DNS server has been cited as the access controlling web server, and since the DNS server 
provides no response that is later used to control access to anything, there is no control of 
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access "based on the response from the access controlling web server." Moreover, the 
action's citation to a bare listing of additional references does cure this deficiency. 

Because the cited references contain no teaching pertaining to at least two of the 
expressly recited elements of claim 1 as discussed above, it is respectfully submitted that a 
prima facie case of obviousness still has not, and cannot, be presented based on Cohen as a 
primary reference. It is accordingly requested that the rejection of claim 1 be reconsidered 
and withdrawn. If the rejection is maintained, please note the above requests for clarification 
in the interest of clear and accurate prosecution. 

Moreover, with respect to the rejection of claim 1 applicants further request 
adherence to the MPEP rules with respect to the manner in which references are to be 
properly combined under § 103. In particular, the action states that "it would have been 
obvious... to incorporate the technique of redirection the client request to the destination was 
well-known in the art into the Cohen's apparatus in order to facilitate the router on network. 
Doing so would enhance the security and provide a control access over the persistent 
connection." This reasoning or rationale for modifying Cohen is not clear at all. What does 
"to facilitate the router on network" mean and how is Cohen to be modified to make this 
happen? How does the proposed modification "enhance the security and provide a control 
access over the persistent connection?" 
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Even if the answer to the above questions is that there is some benefit to applicants' 
claimed combination of elements as gleaned from prior art 1 , that would seem to be motivated 
by applicants' own disclosure. Keeping in mind that essentially every invention is made up 
of a beneficial combination of known elements, is there a teaching or motivation for 
combination to be found in the art? 2 Applicants respectfully request clarification via a 
response to all of the foregoing queries if this rejection is maintained. 

Independent Claims 17 and 33 

Claims 17 and 33 stand rejected on the same grounds as claim 1. Claim 17 is a 
Beauregard claim that corresponds substantially to the method of claim 1. Although they are 
not identical, the relevant element of "controlling access of the client machine to the desired 
resource based on the response from the access controlling web server" is present as well in 
claim 17, and the reasoning given for rejecting the claim is identical. For the reasons stated 
above in applicants' comments regarding claim 1, Cohen teaches neither this limitation nor 
the predicate limitation of receiving a response, and it is accordingly requested that the 
rejection of claim 17 be reconsidered and withdrawn. 

Turning to claim 33, this claim is an independent claim that was added by way of 
applicants' prior amendment. Claim 33 recites the following: 

1 This should not be the case since Cohen is substantially devoid of relevant teachings as discussed above. 

2 Put another way, the examiner has tried to reconstruct the claim by assembling teachings from various references 
and has purportedly arrived at the very same beneficial combination that the applicants now claim. But-was the act 
of assembling the various collected teachings motivated by something in the art itself, or was it instead motivated by 
the fact that applicants had presented, in the form of a claim, a particular combination of elements? 
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In a computer network environment comprising a client, a hosting server, an access controlling 
server, and a gateway interposed between the client and both of the hosting server and the access 
controlling server, a method of controlling access of the client to a desired resource hosted on the 
hosting server, comprising the steps of: 

(a) receiving at the gateway a request from the client for the desired resource and 
redirecting the request to the access controlling server; 

(b) receiving at the gateway a permission notification from the access controlling server; 

and 

(c) controlling access of the client machine to the desired resource based on the content 
of the permission notification received from the access controlling server. 



Although claim 33 bears some resemblance to the other independent claims discussed 
thus far, it is nonetheless significantly different, rendering it different in scope, and thus the 
individual limitations of this claim should be considered. For example, as can be seen, the 
claim recites "(b) receiving at the gateway a permission notification from the access 
controlling server; and (c) controlling access of the client machine to the desired resource 
based on the content of the permission notification received from the access controlling 
server." 

There is no indication in the Office action as to what teaching in Cohen is said to 
correspond to the recited permission notification, nor what teaching in Cohen is said to 
correspond to the recited actions taken upon receipt of such a notification. The Office is 
respectfully requested to address and provide clarification as to what specific teachings of 
Cohen are alleged to render this claim unpatentable. 

Applicants have searched Cohen and the other references of record and have been 
unable to identify any teachings related to the elements of claim 33, including especially the 
elements of receiving a permission notification from the access controlling server and 
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controlling access to the desired resource based on the content of the permission notification. 
This makes sense given that Cohen's technique does not pertain in any way to granting of 
permission or controlling of access to resources but instead pertains to simple redirection and 
service by proxy. Accordingly, it is respectfully submitted that Cohen does not teach each 
element of claim 33, and it is respectfully requested that the rejection of claim 33 be 
reconsidered and withdrawn. 

The Dependent Claims 

Pending claims 2-16 and 18-32 are dependent claims, based on claims 1 and 17 
respectively. Each of these dependent claims is patentable for at least the same reasons, 
discussed above, that the respective base claim is patentable. Accordingly, reconsideration 
and withdrawal of the rejections on that basis is requested. Moreover, the dependent claims 
recite additional limitations that further distinguish the claims from the art. 

For example, claims 2 and 18 additionally recite that the step of "controlling access to 
the desired resource based on the response from the access controlling web server further 
comprises the step of: establishing a connection between the client machine and the 
destination server if the response indicates that access to the desired resource is allowable." 
This not taught anywhere in Cohen. The Office action states that this is an "inherent feature 
of DNS server." As discussed above, a DNS server provides a look-up function and no 
more. It does not control access, either by granting or denying access to a resource. In fact, 
the DNS server typically does not lie between the client and the intended destination (see 
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Cohen fig. 1) and thus could not exercise any control over that connection. If the Office has 
knowledge of a reference that indicates that DNS servers normally interfere with the 
connection between a client and server, an express citation to such a reference is requested in 
the interest of fair and efficient prosecution. Otherwise, the alleged trait of DNS servers does 
not appear to be inherent and applicants request that these rejections be withdrawn for this 
additional reason as well. 

As another example, claims 4 and 20 recite that the "response indicates that access to 
the desired resource is allowable if the access controlling web server does not recognize the 
URL of the GET URL packet." Although the action cites to Cohen (col. 5, lines 10-31) as 
teaching this element, the cited portion of Cohen says nothing about a server (be it access 
controlling or otherwise) failing to recognize a URL and then granting access on that basis. 
Clarification is requested. In particular, what in column 5 at lines 10-3 1 is being referred to 
by the Office action? For the convenience of the reader, the cited portion of Cohen is 
reproduced below. 

The problems associated with the prior art techniques for transparent proxy caching are eliminated by the 
present invention. In accordance with the present invention, a switching entity, such as the L4 switch 
(referred to hereinafter as a proxy redirector), through which the packets flow, is provided with the 
functionalities at the IP level necessary to transform the complete URL in each GET request transmitted by 
a client to an appropriate absolute URL. Specifically, the IP address found in the destination field in the IP 
header of the packet(s) from the client containing the GET request are added as a prefix by the proxy 
redirector to the complete URL in the GET request. As a result, the complete URL in the GET request is 
modified to form an absolute URL which, when received by the proxy cache, is directly used to determine 
if the requested object is stored in the cache and, if not, to establish a separate TCP connection to the origin 
server. The GET request received by the proxy is thus equivalent to what it would expect to receive if it 
were operating in the non-transparent mode. Advantageously, if a persistent connection is established, each 
subsequent GET request has the same IP address prefix determined by the initial DNS look-up by the 
client. 
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Applicants respectfully submit that nothing in this cited section nor any other section of 
Cohen teaches the recited limitation. Accordingly, reconsideration and withdrawal of the 
rejections of claims 4 and 20 is respectfully requested for this additional reason as well. 

As yet another example, claims 5 and 21 recite "refusing a connection to the 
destination server, and establishing instead a connection between the client machine and the 
access controlling web server if the response is that the access controlling web server 
recognizes the URL of the GET URL packet." Although the action states that Cohen teaches 
this limitation, no particular citation is given, and applicants 5 review of Cohen uncovered no 
such teaching. It is respectfully submitted that Cohen does not teach this limitation, and 
reconsideration and withdrawal of the rejections of claims 5 and 21 is respectfully requested 
for this additional reason. If the rejections are maintained, a specific citation to prior art is 
respectfully requested as such would greatly aid in the fair and expeditious prosecution of 
these claims. 

To keep this response to a reasonable length and to conserve the reader's time, 
applicants will not detail every way in which Cohen fails to meet the recited claim 
limitations of every claim (with respect to those elements for which it is cited). Briefly 
though, please note the following: (1) contrary to paragraphs 10 and 1 1 of the action, Cohen 
does not teach deciding whether to redirect based on the content of a handshaking packet 
(Cohen just redirects in every case); (2) contrary to paragraph 12 of the action, Cohen does 
not teach that a response "indicates that access to the desired resource is allowable if 'the 
access controlling web server recognizes the URL of the GET URL packet" (As discussed, 
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Cohen does not address allowability or non-allowability of access at all); (3) contrary to 
paragraph 13 of the action, Cohen does not teach "refusing a connection to the destination 
server, and establishing instead a connection between the client machine and the access 
controlling web server if the response indicates that the access controlling web server does 
not recognize the URL of the GET URL packet" (Cohen does not address this type of 
connection refusal and redirection based on nonrecognition of a URL); and (4) contrary to 
paragraph 14 of the action, Cohen does not teach that the access controlling web server is an 
RSACi Web Server (Although the action points to Figure 1 to demonstrate inherency, many 
web servers are not RSACi Web Servers, and in addition figure 1 does not show an RSACi 
Web Server, so the assertion of inherency is traversed). 

With respect to paragraph 15 of the Office action, the action's allegation of well- 
known knowledge is traversed as is the asserted combination of art. If the rejection of claims 
7, 14, 23, and 30 is to be made under § 103, then it is requested that a rejection under § 103 
meeting the requirements of the MPEP for such a rejection be offered. Namely, it is 
requested that specific citations to references be made to show the claim elements as well as 
the motivation for combination and any expectation of success. If on the other hand the 
rejection was intended to be made under § 102, then it is not seen how Cohen teaches the 
recited additional limitations. Presently, there is no prima facie case presented by the action 
under either § 102 or § 103 and applicants respectfully request for this additional reason that 
the rejections of dependent claims 7, 14, 23, and 30 be withdrawn. 
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Conclusion 

The application is considered to be in good and proper form for allowance, and the 
Examiner is respectfully requested to pass this application to issue. 

If, in the opinion of the Examiner, a further telephone conference would expedite the 
prosecution of the subject application, the Examiner is invited to call the undersigned attorney. 



Respectfully submitted, 




Phillip M. Pippenger, Reg. No. 46055 
One of the Attorneys for Applicants 
LEYDIG, VOIT & MAYER, LTD. 
Two Prudential Plaza, Suite 4900 
180 North Stetson 
Chicago, Illinois 60601-6780 
(312) 616-5600 (telephone) 
(312)616-5700 (facsimile) 



Date: June 30, 2003 
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